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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1.114, including tine fee set 
forth in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on April 
29, 2008 has been entered. 

Response to Arguments 

2. Applicant's arguments with respect to claims 1-11 have been considered but 
are moot in view of the new grounds of rejection. 

Claim Rejections - 35 USC § 103 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

4. Claims 1 - 1 1 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Pierce in view of Scheidt et al's US Patent 6,490,680 B1 in view of Gruber. 

5. Referring to claims 1 and 10, Pierce discloses: 

a. Creating a timestamp that includes an expiration time (page 7, paragraph 
76), and a security token (figure 4), and inserting them in the header (page 9, 
paragraph 89). 
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b. Encrypting data to be transferred witli a secret l<ey (page 2, paragrapli 1 9, 
and inserting it in the body (page 8, paragraph 88). 

c. Attaching a digital signature to create a signature, and inserting it in the 
header (page 8, paragraph 86). 

d. Encrypting the secret l<ey with the service key (page 7, paragraph 77) and 
Inserting It In the header (page 9, paragraph 89). The key is encrypted In the 
token which is then in the header. Therefor the key is in the header. The service 
key could be a public key (page 4, paragraph 40). 

6. Pierce does not explicitly disclose the digital signature being encrypted In the 
header, or the header containing routing information. However, Scheldt discloses the 
header containing the creators identity, and labels to define the audience of the file 
(column 4, lines 53-61). Scheldt goes on to disclose the digital signature being 
encrypted In the message header (column 1 7, lines 1-11) and that the digital signature 
Is verification of the original signer of the message (column 6, lines 56-59). 

7. Pierce and Scheldt are analogous art because they are from the same field of 
endeavor, securing data that is transferred. At the time of the invention, it would have 
been obvious to one of ordinary skill In the art, having the teachings of Pierce and 
Scheldt before him or her, to modify Pierce to include the digital signature encryption, 
and recipient Information of Scheldt. The motivation for doing so would have been that 
so the signatory cannot deny having signed the object (column 6, lines 56-59). 

8. Pierce in view of Scheldt does not explicitly disclose a creation time. However, 
Gruber discloses indicating a start time and end time (page 2, paragraph 11). 



Application/Control Number: 10/750,516 Page 4 

Art Unit: 2132 

9. Pierce, Sclieidt and Gruber are analogous art because they are from the same 
field of endeavor, securing data. At the time of the invention, it would have been obvious 
to one of ordinary skill in the art, having the teachings of Pierce, Scheldt and Gruber 
before him or her, to modify Pierce in view of Scheldt to include the creation time and 
expiration of Gruber. The motivation for doing so would have been to make clear when 
the approval started. 

10. Referring to claim 2, Pierce teaches that the session key is used to both encrypt 
(page 2, paragraph 19) and decrypt (page 2, paragraph 21) the data . It is inherent that 
the session key is symmetric. 

1 1 . Referring to claim 3, Pierce teaches that the public key encryption done on the 
secret key is asymmetric (page 4, paragraph 40). 

12. Referring to claim 4, since a SOAP message is XML (Pierce, Page 8, Paragraph 
83) it is understood that the encryption would be using an XML algorithm. 

1 3. Referring to claims 5 and 1 1 , Pierce teaches: 

e. Acquiring a certificate for verifying a signature of the SOAP message 
(page 8, paragraph 86). 

f. Decrypting an encrypted key in the security header(page 7, paragraph 71 ) 
with a private key (page 4, paragraph 40). 

g. Inserting a digital signature in the header (page 8, paragraph 86). 

h. Verifying the signature is not specifically stated, but Pierce does state that 
the system would be able to check the validity of the signature (page 8, 
paragraph 86). 
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1. Decrypting tine encrypted data in the SOAP body with the secret key (page 

2, paragraph 21). 

14. Pierce does not explicitly disclose decrypting the digital signature or the header 
containing routing information. However, Scheldt discloses the header containing the 
creators identity, and labels to define the audience of the file (column 4, lines 53-61 ). 
Scheidt goes on to disclose the digital signature being decrypted (column 17, lines 18- 
20) and that the digital signature is verification of the original signer of the message 
(column 6, lines 56-59). 

1 5. Pierce and Scheidt are analogous art because they are from the same field of 
endeavor, securing data that is transferred. At the time of the invention, it would have 
been obvious to one of ordinary skill in the art, having the teachings of Pierce and 
Scheidt before him or her, to modify Pierce to include the digital signature decryption, 
and recipient information of Scheidt. The motivation for doing so would have been that 
so the signatory cannot deny having signed the object (column 6, lines 56-59). 

1 6. Pierce in view of Scheidt does not explicitly disclose the certificate being in the 
security token which is in the header. However, Gruber discloses the token being a 
certificate (page 2, paragraph 21) and that the header contains the token (page 5, claim 
19). The token also contains a signature that verifies identification (page 4, paragraph 
30). 

1 7. Pierce, Scheidt and Gruber are analogous art because they are from the same 
field of endeavor, securing data. At the time of the invention, it would have been obvious 
to one of ordinary skill in the art, having the teachings of Pierce, Scheidt and Gruber 



Application/Control Number: 10/750,516 Page 6 

Art Unit: 2132 

before him or her, to modify Pierce in view of Scheidt to include token being the 
certificate that is in the header of Gruber. The motivation for doing so would have been 
to be able to verify the identification (page 4, paragraph 30). 

1 8. Referring to claim 6, Pierce teaches the passing of the certificate as it is part of 
the security-concerning information (page 8, paragraph 86). In the specification the 
applicant defines a security token as security-concerning information. 

19. Referring to claim 7, Pierce teaches that the session key is used to both encrypt 
(page 2, paragraph 19) and decrypt (page 2, paragraph 21) the data . It is inherent that 
the session key is symmetric. 

20. Referring to claim 8, Pierce teaches that the public key encryption done on the 
secret key is asymmetric (page 4, paragraph 40). 

21 . Referring to claim 9, since a SOAP message is XML (Pierce, Page 8, Paragraph 
83) it is understood that the encryption would be using an XML algorithm. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CORDELIA KANE whose telephone number is 
(571 )272-7771 . The examiner can normally be reached on Monday - Thursday 8:00 - 
5:00 EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/C. K./ 

Examiner, Art Unit 2132 



/Benjamin E Lanier/ 

Primary Examiner, Art Unit 2132 



